use of io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.GRANT_SELECT in project trino by trinodb.
the class FileBasedSystemAccessControl method filterColumns.
@Override
public Set<String> filterColumns(SystemSecurityContext context, CatalogSchemaTableName tableName, Set<String> columns) {
if (!checkAnyTablePermission(context, tableName)) {
return ImmutableSet.of();
}
if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaTableName().getSchemaName())) {
return columns;
}
Identity identity = context.getIdentity();
CatalogTableAccessControlRule rule = tableRules.stream().filter(tableRule -> tableRule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), tableName)).findFirst().orElse(null);
if (rule == null || rule.getPrivileges().isEmpty()) {
return ImmutableSet.of();
}
// if user has privileges other than select, show all columns
if (rule.getPrivileges().stream().anyMatch(privilege -> SELECT != privilege && GRANT_SELECT != privilege)) {
return columns;
}
Set<String> restrictedColumns = rule.getRestrictedColumns();
return columns.stream().filter(column -> !restrictedColumns.contains(column)).collect(toImmutableSet());
}
Aggregations